sys-boot/shim: Include @@VERSION@@ in SBAT for version

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2025-09-29 01:21:02 +02:00 · 2024-09-06 19:43:25 +05:30 · 2024-09-06 19:43:25 +05:30 · 02c0bdaa28
commit 02c0bdaa28
parent eef935e596
3 changed files with 7 additions and 2 deletions
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv
@ -1 +0,0 @@
 shim.flatcar,1,Flatcar Container Linux,shim,15.8,security@flatcar-linux.org
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv.in
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv.in
@ -0,0 +1,3 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
 shim,4,UEFI shim,shim,1,https://github.com/rhboot/shim
 shim.flatcar,1,Flatcar Container Linux,shim,@@VERSION@@,security@flatcar-linux.org
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
@ -31,6 +31,9 @@ src_compile() {
  local emake_args=(
    CROSS_COMPILE="${CHOST}-"
  )
  sed -e "s/@@VERSION@@/${PVR}/" "${FILESDIR}"/sbat.csv.in >"${WORKDIR}/sbat.csv" || die
  # Apparently our environment already has the ARCH variable in
  # it, and Makefile picks it up instead of figuring it out
  # itself with the compiler -dumpmachine flag. But also it
@ -42,7 +45,7 @@ src_compile() {
    emake_args+=( ARCH=aarch64 )
  fi
  emake_args+=( ENABLE_SBSIGN=1 )
-  emake_args+=( SBATPATH="${FILESDIR}/sbat.csv" )
+  emake_args+=( SBATPATH="${WORKDIR}/sbat.csv" )
  if use official; then
    if [ -z "${SHIM_SIGNING_CERTIFICATE}" ]; then
		`@ -1 +0,0 @@`
			`shim.flatcar,1,Flatcar Container Linux,shim,15.8,security@flatcar-linux.org`